Type I = a false reject rate, rejecting someone who should be authenticated.
Type II = a false accept rate, authenticating an imposter.
CER is the point at which Type I and Type II errors are the same.

A password based on fact or opinion used as the secret code, which is usually easier for the user to remember. Ex. What is your mother's maiden name? What is your dog's name?

Define synchronous token devices.

Uses a clocking mechanism agreed upon by the token device and the authenticating service. The token device presents encrypted time values to users, who enter the values along with their username to be validated by the authentication service.

What is an asynchronous token device?

Uses a challenge-response method to create one-time passwords. The authentication service sends the user a value, which he enters into the token device. The device encrypts or hashes this value and gives it to the user. The user sends it to the authentication service for validation.

What is a replay attack?

Capturing a message, packet, or credential set and resubmitting it with the goal of impersonating a legitimate user.

What is the difference between a smart card and a memory card?

A memory card holds user credentials on a magnetic stripe and relies on a reader to process the information (ATM card). A smart card has a processor chip on it and actually processes information.

A user sends a credential set to Kerberos, which issues an encrypted ticket; the ticket is sent back validating the user's identity, and a session key is sent to both parties.

Define SESAME:

Secure European System for Applications in a Multi-vendor Environment. A single sign-on technology that is based upon Kerberos and improves upon it.

Define DAC:

Discretionary Access Control - owners of objects control who accesses them. Access is based entirely on the identity of the user or the role a user plays within the company. ACLs are used.

Define MAC:

Mandatory Access Control (MAC) does not allow access decisions to be made by data owners; instead, a subject's clearance is compared to an object's classification. Every object has a security label (top secret, etc.).

What is RBAC?

Role-based Access Control - also called a nondiscretionary model, makes access decisions based on rights and permissions assigned to a role or group, not an individual. Ex. Active Directory objects and groups.

Define Content-Dependent Access Control:

Used by databases. Uses a lot of overhead and resources because, for each access request, the database is scanned for content and then access is granted or denied based on the subject's permissions.

What is RADIUS and how does it authenticate users?

RADIUS is Remote Authentication Dial-in User Service. It allows users to dial in over PPP or SLIP connections (modem or Internet). The access server is a middleman that accepts incoming calls, prompts the user for credentials, and then passes them to the RADIUS server, which verifies them against its database.

What is TACACS+?

Terminal Access Controller Access Control System Plus - similar to RADIUS, but Cisco proprietary; unlike RADIUS, which only encrypts the user's password, TACACS+ encrypts the entire negotiation.

What is TEMPEST?

Standard for shielding (Faraday cage) that allows only an acceptable amount of radiation to escape from the system, to avoid eavesdropping. White noise is another countermeasure for this, as well as control zones that use special rooms designed with special materials to block IR.

What is a Man-in-the-Middle Attack?

An intruder injects himself into an ongoing dialog between two computers so that he can intercept and read messages being passed back and forth.

What is the Ping of Death?

A type of DoS attack where an oversized ICMP packet or packets are sent to the victim causing it to freeze or reboot.

Which of the following is a true statement pertaining to intrusion detection systems?
A. Signature-based systems can detect new attack types.
B. Signature-based systems cause more false positives than behavior-based systems.
C. Behavior-based systems maintain a database of patterns to match packets and attacks.
D. Behavior-based systems have higher false positives than signature-based systems.

D. A behavior-based IDS learns about an environment and builds a profile. All future network activity is compared to the profile to try to uncover malicious events. A signature-based IDS maintains patterns of identified risks.

Which of the following is a countermeasure to traffic analysis attacks?
A. Control zones
B. Keystroke monitoring
C. White Noise
D. Traffic Padding

D. Traffic padding is the process of generating more traffic on the network to make it more difficult to monitor and analyze.

Define object reuse:

Several subjects access the same media or memory segments, putting sensitive data at risk of being uncovered. Ex. leaving your data on a hard drive when throwing it away.